DefenderYara/PseudoThreat_c00009c4/_PseudoThreat_c00009c4.yar


// Auto-converted from a Microsoft Defender SIGNATURE_TYPE_PEHSTR signature (see meta.description).
// The header bytes in the description and the "//NN 00" trailer behind each string appear to be the
// original per-string weights and a match threshold, which the YARA condition `any of ($a_*)` does
// not reproduce. NOTE(review): if "0c 00" is the threshold and every string weighs "03 00", the
// original signature would need roughly four co-occurring strings, whereas this rule fires on a
// single hit — including $a_01_3, which is a bare x86 prologue. Confirm the field semantics against
// the upstream converter before tightening the condition; until then treat matches as low-confidence.
rule _PseudoThreat_c00009c4{
meta:
description = "!PseudoThreat_c00009c4,SIGNATURE_TYPE_PEHSTR,0c 00 09 00 06 00 00 03 00 "
strings :
$a_01_0 = {43 52 59 50 54 4b 45 59 } //03 00 CRYPTKEY (ASCII marker string)
$a_01_1 = {43 52 59 50 54 45 4e 44 } //03 00 CRYPTEND (ASCII marker string)
$a_01_2 = {00 5c 00 64 00 65 00 76 00 69 00 63 00 65 00 5c 00 70 00 68 00 79 00 73 00 69 00 63 00 61 00 6c 00 6d 00 65 00 6d 00 6f 00 72 00 79 } //03 00 "\device\physicalmemory" as UTF-16LE preceded by a lone 00 (likely the previous string's terminator); the converter decoded it from the wrong byte offset, hence the earlier CJK garbage
$a_01_3 = {55 89 e5 83 ec 24 89 7c 24 08 89 74 24 04 89 1c 24 83 ec 10 8b 45 14 8b 7d 10 8b 5d 0c 89 44 24 0c } //03 00 x86 function prologue: push ebp; mov ebp,esp; sub esp,0x24; spill edi/esi/ebx to [esp+8]/[esp+4]/[esp]; sub esp,0x10; load args [ebp+0x14],[ebp+0x10],[ebp+0xc] — generic compiler output, weak evidence on its own
$a_01_4 = {46 69 6e 64 4e 65 78 74 46 69 6c 65 41 00 55 89 e5 83 ec 18 89 7c 24 08 89 74 24 04 89 1c 24 ff 75 0c ff 75 08 } //03 00 "FindNextFileA\0" immediately followed by the same prologue style (sub esp,0x18; spills; push [ebp+0xc]; push [ebp+8])
$a_01_5 = {46 69 6e 64 4e 65 78 74 46 69 6c 65 57 00 55 89 e5 83 ec 18 89 7c 24 08 89 74 24 04 89 1c 24 ff 75 0c ff 75 08 } //00 00 "FindNextFileW\0" followed by the same prologue as $a_01_4; the trailing "00 00" appears to terminate the weight list rather than being this string's weight
condition:
any of ($a_*)
}